ISTM that you are asking if using a Vigenère cipher en.wikipedia.org/wiki/Vigen%C3%A8re_cipher, where you restrict the key to only contain any of the first ten letters in the alphabet, is as secure as using a Vigenère cipher, where the key might contain any of the 26 letters of the alphabet. Is that correct?
–
Henrick HellströmMay 3 '13 at 7:33

@HenrickHellström,fgrieu.. yes you are correct, I'll add numbers from 1-9 to encrypt each letter, otp used numbers from 1-26, SO if i use only first ten letters will it be the unbreakable otp or not.
–
sandyMay 3 '13 at 7:58

I've been told that historically this Gronsfeld cipher was actually used more often than the Vigenère cipher.
–
David CaryApr 21 '14 at 14:18

2 Answers
2

For instance, if you see the word guyk in the ciphertext, what could the corresponding plaintext word be?

With your scheme (where each letter is enciphered by adding a number between 0..9 to it modulo 26), there are only 139 English words that could have led to it. (Those 139 possibilities are things like arse, blue, bore, both, burg, bush, busk, club, cord, clue, cope, cord, core, ..., grue, gush, yore, york: all of the words where the first letter is in the range x-z or a-g, where the 2nd letter is in j-u, the third letter is in p-y, and the fourth letter is in b-k.)

If you had used a one-time pad (where each number is enciphered by adding a number between 1..26 to it modulo 26), all four-letter English words would be possible. In particular, there would be 13208 possibilities for the corresponding plaintext word.

Thus your scheme leaks information that greatly narrows down the number of words, from 13208 possibilities to just 139 possibilities.

Another example: unbreakable + 59460927644 = zwfxejmhhpi. If an attacker sees the ciphertext zwfxejmhhpi, he knows that the plaintext word must have the form q-z n-w w-f o-x v-e a-j d-m y-h y-h g-p z-i. There are only four English words that match that pattern: namely, unavailable, unbreakable, unbudgeable, and uncoachable. This gives the attacker a lot of information about the plaintext. The attacker may be able to figure out which word is most likely based upon context. Or, based upon the other candidates for other possible words in the sentence, the attacker may be able to recognize which word is correct.

If an attacker had the encipherment of an entire sentence, I suspect there would be only one plausible decryption, and it would be easy to find it by piecing together the possible decryptions of each word until you find something that makes sense as a sentence. If an attacker had the encipherment of an entire document, I suspect it would be easy for the attacker to recover much or all of the document.

That was a brilliant demonstration of your point!
–
John DetersMay 9 '13 at 21:47

wow your are genius, I'm impressed. But do u think that if I use numbers from 00-99 for every letter that will make it unbreakable, ex. blue+random numbers=02122105+54253549=56375644.
–
sandyMay 10 '13 at 17:20

Firstly, I presume this is not something you are going to use for protecting data in any kind of real life scenario, but are only asking out of curiosity.

Secondly, just to get the terminology straight and avoid confusion, what gives an OTP cryptographic scheme information theoretic security is that it meets both of the following two criteria:

The key space is exactly as large as the total message space across all messages encrypted. Hence the "One Time" part of the term. The criterion is not that the key is as "long" as each message you encrypt, but both that it is as long as all messages you encrypt combined, and that there are, at each position in your message, at least as many possible key values as there are possible plain text values. Also, when the key is selected, it must be in such way that at each position, no key value at that position is any more or any less probable than any other key value.

When, at each position in your message, you combine a plain text value with a key value to produce a cipher text value, this has to be done using an operation that does not make any cipher text value any more or any less probable, than any other cipher text value. It just happens that a couple of simple operations, such as modular addition or exclusive-or, have this property, provided that the first criterion is already met. Hence, it is not the use of those operations for combining the key with the plain text that makes an OTP into what it is. These operations only happen to be used because they are conveniently simple, provided you already got a key that meets the first criterion.

Consequently, the problem with your proposal is that it doesn't meet the first criterion, that the key space must be as large as the message space. Going with your example, if you are only going to encrypt a four letter string (and only going to do this once), you will get a key space of only $10^4 = 10000$ keys, but a message space of $26^4 = 456976$ possible plain texts.

To make things more concrete: if the plaintext is Y or N, and the attacker knows that, the adversary can deciper the ciphertext with certainty: any of NOPQRSTUVW means N, any of YZABCDEFGH means Y.
–
fgrieuMay 3 '13 at 10:58

Got it, but is that mean that if I use for every letters numbers from 00-99 will make the cipher text more secure like 26^99 = 1.2088194775318995500670606878852e+140 ??? in this example cipher text will be numbers not letters.
–
sandyMay 4 '13 at 7:17

1

Yes, that would work, in theory. Think of it like this: At each position the attacker sees a cipher text value in the range 0..99. The attacker guesses a plain text value in the range 1..26. Since, for each guessed plain text value, there is exactly one possible key value in the range 0..99 that is consistent with the guessed plain text value, seeing the cipher text does not provided the attacker with additional information regarding the plain text. Hence, you got perfect secrecy, presuming the key values are equiprobable, independent and never repeat.
–
Henrick HellströmMay 4 '13 at 7:59